Lessons learned from Paris art heist
by Graeme Mickelberg
The recent theft of five artworks, valued at more than US$100 million, from the Museum of Modern Art in Paris, raised some serious questions over the effectiveness of security measures. Graeme Mickelberg offers businesses some timely advice.
The theft of five masterpieces, by what appears to have been a lone thief, is yet another successful robbery from an art gallery. Australia has not been immune from such theft: in 2007 a painting valued at AU$1.4 million was stolen from the Art Gallery of NSW.
As ASM went to press, none of the Parisian art works had been recovered.
It appears that in the case of the Paris Museum of Modern Art, a person was able to go undetected after breaking into the building via a window, despite there being three guards on duty with access to extensive CCTV surveillance and an alarm system. The museum is reported to have upgraded security at a cost of US$19 million over two years from 2004 to 2006 - to provide a system of security that failed badly.
In both of the cases mentioned, gallery managers have been reluctant to reveal beyond some general comments what security measures were in place and how those responsible for the thefts were able to circumvent the security arrangements. However, thefts such as these are worthy of further examination as they may provide useful security lessons for other businesses.
Governments and businesses invest significant resources to provide security, and the motivation to do so has become an accepted part of risk management strategies. Terrorism incidents have provided added impetus to implement increased security, often as a result of government-mandated requirements.
Unfortunately, some organisations, including businesses, seem to regard technology and security guards as a panacea that will afford them sufficient protection against security threats. Nothing could be further from reality.
The following steps should be considered as part of any strategy to implement a security regime:
- Conduct a security threat and vulnerability assessment. This requires potential threats to be identified, as well as the extent to which the business is vulnerable to those threats. This process should be undertaken in consultation with key managers and line staff who have an intimate understanding of their business and their workplace.
- Identify security measures to combat identified threats. Having identified vulnerabilities, the next step is to identify what measures are available to combat security-related threats, which of the measures are already in place, and, as a consequence, where the gaps are in existing security arrangements.
- Apply best practice to procuring security solutions. This may be facilitated by referring to relevant Australian standards which provide valuable guidance on measures such as alarms, locks, signage, CCTV, fencing, and the training and employment of security guards. Surprisingly, many businesses are unaware of these standards.
- Ensure security staff are adequately trained. Without the right training and regular training updates, the capacity of security staff to use other measures effectively will be seriously limited. Once again there is an existing Australian standard for security guards and most, if not all, Australian states have licensing and mandatory training requirements for security contractors.
- Conduct unscheduled tests of security arrangements. All too often the testing of security arrangements is left to the security contractor, and managerial interest in the outcomes of such tests only becomes a priority after a security incident has harmed the business or organisation. The requirement to conduct such tests and to take immediate remedial action is as much a manager’s duty of care as other matters such as workplace health and safety requirements.
- Implement security measures as part of an integrated package. The objective here is to avoid unwittingly building into the security regime a weakness that may, despite the expense incurred, still leave the organisation exposed. As an example, one of my clients had spent a significant amount on CCTV; yet when audited I found that many of the cameras were ineffective because no consideration had been given to the proximity of cameras to the lighting of neighbouring businesses. The brightness of the lights meant security guards could not clearly see camera images. The integration of security measures should be guided by a security policy that is part of the overall governance measures implemented.
Although the Paris Museum of Modern Art may have had security measures in place, despite the costs incurred those measures failed to protect the museum from an obvious threat. Businesses and organisations would do well to take note of lessons learned at the expense of others.